Sunday, August 08, 2010

Shut up and ship

Over the weekend I got to hear about an attempt to avoid Internet censorship called Haystack. I thought on a technical level it might be interesting to read about how they want to get around the Iranian government's web filtering. It's an interesting topic because evading the Chinese government's firewall has been discussed in some technical circles for a while.

Alas, the Haystack web site has zero technical details. Worse, they plan to keep their software closed source. So, there's no way of evaluating their claim that their amazing software will help Iranian citizens evade Internet filtering in Iran. That hasn't stopped them getting in Newsweek and asking you to send them donations.

Now, it may well be the case that these folks are onto something, but I wouldn't trust a closed source piece of vaporware if I were trying to evade a government (any government). IMHO, the gold standard for hiding stuff from prying governmental eyes is PGP. It's open source and its design was discussed heavily in public and has been vetted. Or how about TrueCrypt? Open source, publicly vetted.

Worryingly, Haystack's only 'technical' detail is the following: "We use state-of-the-art elliptic curve cryptography to ensure that these communications cannot be read." Fair enough, but frankly that means nothing. They could be using AES, or RSA, or pretty much any good algorithm and I still wouldn't care. Two reasons: their implementation might be rubbish and enable attacks or their cryptography might be irrelevant because another technique (traffic analysis?) might make breaking Haystack possible. After all, all the Iranian government needs is a list of people running the software.

(Actually, using ECC might be a net negative. You don't really want to be messing around with something that's relatively (in crypto-years) new, patent encumbered, and slow. Using ECC indicates that the people behind Haystack are either incredibly knowledgeable about cryptography or the opposite.)

And then there's the 'genius' (at least that's what Newsweek makes him out to be) who designed this software. His CV touts his degree in marketing and extensive experience with PHP. I guess he might have a hidden crypto background but I'm also guessing he's no Phil Zimmermann. I realize readers might be uncomfortable with an ad hominem criticism, but without any code or technical details all I can go on is the technical chops of the person behind Haystack.

Of course, there's a simple solution to my criticisms: shut up and ship. Ship an open source version of your code and let's take a look at it. Let the Iranian government have a look at it. Then we'll know if it's vaporware or regime-changing ware.

I had similar feelings about Diaspora who raised $200k in donations without showing a line of code. All they had to do was aspire to take on Facebook (with a privacy angle).

If it isn't clear, I detest this "get lots of press for my vaporware project, get people to donate, then work on something (or not)" approach.

Shut up and ship.

But perhaps I should give Austin Heap (Haystack's mastermind) the final word:

“I hope we are ready to take on the next country,” he replied. “We will systematically take on each repressive country that censors its people. We have a list. Don’t piss off hackers who will have their way with you. A mischievous kid will show you how the Internet works.”

ECC is not necessarily patent encumbered or slow. Many implementations of ECDSA are significantly faster than DSA or RSA. And while certain specialized forms of ECC are patented (especially those using GF(2^m) arithmetic, which are more suited for hardware implementation anyway), basic ECC algorithms can easily be implemented using algorithms publicly described before about 1990, putting them well outside any patent window. The IETF is currently working on a document (draft-mcgrew-fundamental-ecc) which describes precisely how to do this, with full references.

I don't know if algorithms first described 25 years ago really count as 'new', but I suppose that is a personal position.

That's all fine and dandy, and many of us working in this area do understand the need to keep things secret, but Heap has refused not only publicization of his code, but also impartial tool evaluation by experts.

Additionally, he was given an award by the Guardian without them ever evaluating his work.

Lastly, the numerous Iranians I've spoken to have not seen, nor had access to Haystack. If Iranian dissidents can't get the tool, we really ought to be concerned about its existence.